DETAILED ACTION

Response to Amendment 

1. This office action is in response to the RCE/amendment filed 05/28/08. Claims 1,
6, 13 have been amended; new claims 20-21 have been added.



Response to Arguments 

2. Applicant's arguments with respect to the rejection of claims 1, 6 and 13 under 35
U.S.C. 102(e) as being anticipated by Leser et al. (US 2005/0028006 A1) have been 
fully considered but they are not persuasive. Applicant argues that Leser does not 
disclose changing the state of the process-driven security policy for the electronic 
document automatically based on an internal or external system-level event because a 
user must activate a droplet control to select a new control policy for a transfer, which 
causes an agent to associate a different policy with the document. Applicant reasons 
that the agent in Leser cannot be said to be responding to an "internal or external 
system-level event" as recited in claims 1, 6, and 13, but rather a direct instruction to
change the control policy to the control policy selected by the user in the droplet control 
(Remark, the last paragraph of page 8 through the first paragraph of page 9). 

The limitation "an internal or external system-level event" is not defined in the 
originally filed disclosure; therefore, a broad and reasonable interpretation of the 
limitation reads on any action performed by a user upon the system, especially in light 
of dependent claims 20 and 21, which recite "the event is a user-triggered event" and 
"the event occurs at or is received at the client machine". As such, the user's actions 
disclosed by Leser (i.e., activating a droplet control and selecting a new control policy)
meet the limitation of the claimed "internal or external system-level event". 

3. Applicant's arguments with respect to the rejection of claims 6 and 13 under 35
U.S.C. 102(b) as being anticipated by Downs et al (6,226,618) have been fully
considered but they are not persuasive. Applicant argues that regardless of whether N 
plays or N-1 plays remain on content in Downs, the access restrictions remain the same 
until zero plays remain (Remark, the last paragraph of page 10 through the first 
paragraph of page 11). It is well known in the digital rights management art that content 
access control/restrictions are not limited to having access to the content or not, but 
also how the content can be accessed (e.g., view only, view and copy, etc.) and how 
many times or how long the content can be accessed. Therefore, a set of access 
restrictions reads on a specific number of times content can be played. 

Specification 

4. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction
of the following is required: Applicant is required to make appropriate amendment to the 
description to provide clear support or antecedent basis for the term "an internal or 
external system-level event" appearing in claims 1, 6 and 13. 

Claim Objections

5. Claim 21 is objected to because of the following informalities: there is insufficient 
antecedent basis for the limitation "the client machine" recited in the claim (line 2). For 
examination purposes, the limitation is interpreted as "a client machine". Appropriate 
correction is required. 

Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claims 13 and 15-19 are rejected under 35 U.S.C. 101 as failing to be limited to 
embodiments which fall within a statutory category. Claim 13 is directed to a data 
storage device including computer program code. According to the specification, such a 
data storage device includes carrier waves (i.e., the computer readable medium is any 
storage device, and examples of the computer readable medium includes carrier 
waves) (see Specification, page 23, paragraph 0090), which does not fall within one of 
the four statutory classes of § 101 (see MPEP 2106). Claims that are not specifically
addressed are rejected by virtue of their dependency. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 



Application/Control Number: 10/677,049 
Art Unit: 2132 






(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-6, 8-9, 11-13, 15-16 and 18-21 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Leser et al. (2005/0028006). 

10. Regarding claim 1, Leser discloses a method for limiting access to an electronic
document (Abstract) comprising: 

creating a process-driven security policy having a plurality of states, with each of 
the states having a different set of access restrictions (figures 1-5; paragraphs 0096, 
0106); 

associating an identifier to the process-driven security policy (i.e., 
research/review/publish policy) (fig. 1, element 14; figures 2-5); 

making the identifier available to certain of users or groups of users (fig. 15, 
element 124; paragraph 0191); 

associating the electronic document with at least one of the states of the 
process-driven security policy to impose access restrictions on an electronic document 
(i.e., attaching the document with a control policy tag (CPT) identifying a control policy) 
(fig. 6, element 23; fig. 8; paragraph 0132); and 

changing the state of the process-driven security policy for the electronic 
document automatically based on an action(s) performed by a user upon the system, 
(i.e., the Director of Research transfers the document to the VP Compliance and 
activates the Review policy), wherein the changed state is based on a transition rule
associated with the event (i.e., document research -> document review -> document
publishing) (figure 1; figures 2-3, step 7; fig. 5, step 12). A broad and reasonable 
interpretation of the claimed limitation "an internal or external system-level event" reads 
on any action performed by a user upon the system. 

11. Regarding claim 2, Leser further discloses that the identifier is a classifier (i.e.,
research/review/publish policy) (fig. 1, element 14; figures 2-5). 

12. Regarding claims 3-4, Leser further discloses that the process-driven security 
policy is provided or part of a document security system in which the identifier is 
assigned to a document when the document is created (i.e., providing a policy to a new 
document) (fig. 6, elements 22-23; paragraphs 0146, 0194-0195). 

13. Regarding claim 5, Leser further discloses that the process-driven security policy
is provided or part of a document security system in which the identifier is assigned to 
multiple documents when the multiple documents are created (i.e., providing a policy to 
a new document, and protecting multiple documents by a single policy) (fig. 6, elements 
22-23; paragraphs 0146, 0194-0195). 

14. Regarding claims 20-21, Leser further discloses that the event is a user-triggered
event occurring at or received at a client machine (i.e., the state of the process-driven 
security policy for a document changes when the user transfers the document using 
his/her computer) (fig. 16, step 136). 

15. Regarding claim 6, Leser discloses a method for imposing access restrictions on 
an electronic document comprising: 

providing at least one process-driven security policy to a client machine (fig. 17,
steps 140-142), the process-driven security policy having a plurality of states associated
therewith with each of the states having a different set of access restrictions (fig. 1,
elements 14; figures 2-5; paragraph 0106); 

associating an electronic document with at least one of the states of the process- 
driven security policy (i.e., associating new document with a security policy having a 
plurality of states) to impose access restrictions on the electronic document, the access 
restrictions being dependent on the at least one of the states of the process-driven 
security policy (fig. 17, steps 144-147); and 

subsequently changing the state of the process-driven security policy for the 
electronic document automatically based on an action(s) performed by a user upon the 
system (i.e., the Director of Research transfers the document to the VP Compliance and 
activates the Review policy), wherein the changed state is based on a transition rule 
associated with the event (i.e., document research -> document review -> document 
publishing) (figure 1; figures 2-3, step 7; fig. 5, step 12). A broad and reasonable
interpretation of the claimed limitation "an internal or external system-level event" reads 
on an action(s) performed by a user upon the system. 

16. Regarding claims 8-9, Leser further discloses that the event is a user-triggered 
event occurring at or received at the client machine (i.e., the state of the process-driven 
security policy for a document changes when the user transfers the document using 
his/her computer) (fig. 16, step 136). 

17. Regarding claim 11, Leser further discloses that the method is performed on a
plurality of documents on a document-by-document basis (i.e., not every document is 
associated with the process-driven security policy) (paragraph 0151). 

18. Regarding claim 12, Leser further discloses that a plurality of electronic
documents are protected by the process-driven security policy at the client machine 
(i.e., different personnel works on reports protected by the policy) (paragraph 0101). 

19. Claims 13, 15-16 and 18-19 are software implementations of method claims 6,
8-9 and 11-12, respectively, and, therefore, are rejected by a similar rationale applied
against claims 6, 8-9 and 11-12 as addressed above.

20. Claims 6, 8-13 and 15-19 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Downs et al (6,226,618). 

21. Regarding claim 6, Downs discloses a method for imposing access restriction
on an electronic document, comprising: 

providing at least one process-driven security policy from a server machine to a 
client machine, the process-driven security policy having a plurality of states associated 
therewith each of the states having a different set of access restrictions (i.e., a license 
indicating a content can be accessed a certain number of times, as such, the state of 
the license changes when the content is played, and each state has a different set of 
access restrictions: a different number of times that the content can be accessed) (col. 
6, lines 36-67; col. 7, lines 1-10, lines 41-65; col. 10, lines 60-63; col. 21, lines 43-63; 
col. 59, lines 7-66); 

associating an electronic document with at least one of the states of the process-
driven security policy to impose access restrictions on an electronic document, the 
access restrictions being dependent on the at least one of the states of the process- 
driven security policy (i.e., embedding usage conditions in the content for controlling 
access to content) (col. 59, lines 7-66; col. 63, line 61 - col. 64, line 34; col. 82, lines 6- 
22); and 

subsequently changing the state of the process-driven security policy for the 
electronic document automatically based on an internal or external system-level event, 
wherein the changed state is based on a transition rule associated with the event (i.e., 
the process of playing the content causes a change in the state of the license, which 
has a new set of access restrictions: the number of times the content can be played is
reduced by 1) (col. 7, lines 41-65; col. 21, lines 43-63; col. 59, lines 7-66).

22. Regarding claims 8-9, Downs further discloses that the event is a user-triggered 
event occurring at the client machine (i.e., the state of the process-driven security policy 
for a content changes when the content is played by the user's player) (col. 7, lines 41- 
65; col. 21, lines 43-63; col. 59, lines 7-66). 

23. Regarding claim 10, Downs further discloses that the content includes security 
information, which includes at least an indication of the state of the process-driven 
security policy for the content (col. 82, lines 6-22). 

24. Regarding claim 11, Downs further discloses that the method is performed on a
plurality of documents on a document-by-document basis (fig. 1A, elements 113). 

25. Regarding claim 12, Downs further discloses that at the client machine, each of a
plurality of electronic documents is in one of the states of the process-driven security 
policy (i.e., the content is an album containing multiple songs) (col. 52, lines 59-64). 

26. Claims 13, 15-19 are software implementations of method claims 6 and 8-12,
respectively, and, therefore, are rejected by a similar rationale applied against claims 6
and 8-12 as addressed above.

Claim Rejections - 35 USC § 103 

27. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

28. Claims 10 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Leser as applied to claims 6 and 13 above, and further in view of Martin et al. 
(2003/0217264). Leser does not disclose that the electronic document includes security
information, and the security information includes an indication of the state of the
process-driven security policy for the electronic document. Martin discloses a method
and system for protecting an electronic document using a process-driven security policy,
i.e., state-based access control policy, wherein the electronic document is processed by
a user at one state of a workflow and then transferred to another user at the next state
of the workflow (Abstract; fig. 1, elements 8-9; paragraph 0015). Martin further
discloses that the electronic document includes a signature of the document signed by
the user at each state before the signed document is transferred to the next state (fig. 4,
steps 70-72; paragraph 0022). It would have been obvious to one of ordinary skill in the art
at the time the invention was made to modify Leser's method such that the electronic
document includes a signature of the document signed by the user at each state before 
the signed document is transferred to the next state, as taught by Martin. Using the 
signature, the user at the next state would be able to verify that the electronic document 
had not been altered from the time the user at the previous state signed the electronic 
document (paragraph 0022). 



Double Patenting 

29. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d)
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

30. Claims 6, 12-13 and 19 are provisionally rejected on the ground of nonstatutory
obviousness-type double patenting as being unpatentable over claims 21-22, 24 and 28 
of copending Application No. 10/676474. Although the conflicting claims are not 
identical, they are not patentably distinct from each other because, with one exception, 
all of the limitations in the instant claims are present in the corresponding claims of 
Application '474. The one exception is that whereas the instant claims use a process- 
driven security policy, the '474 claims use a reference to the process-driven security 
policy. However, having a reference to an object (e.g., a pointer, link, URL, etc.) is
functionally equivalent to having the object itself. Therefore, using a reference to an
object is an obvious variation of using the object itself, and is not a patentable difference
between the two sets of claims.

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MINH DINH whose telephone number is (571)272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 